<div dir="ltr"><a href="https://www.riskbasedsecurity.com/2018/05/too-good-to-be-true-breach-activity-declines-in-q1-2018-to-2012-level/">https://www.riskbasedsecurity.com/2018/05/too-good-to-be-true-breach-activity-declines-in-q1-2018-to-2012-level/</a><br clear="all"><div><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><br><div><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><span style="color:rgb(68,68,68);font-family:Arial,Tahoma,Verdana;font-size:13px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(247,247,247);text-decoration-style:initial;text-decoration-color:initial">After year over year increases in the number of reported data breaches, Risk Based Security has released the results of their<span> </span></span><a href="https://pages.riskbasedsecurity.com/2018-q1-breach-quickview-report" target="_blank" rel="noopener" style="color:rgb(0,103,162);text-decoration:none;font-family:Arial,Tahoma,Verdana;font-size:13px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(247,247,247)"><span style="font-weight:400">Q1 2018 Data Breach QuickView Report</span></a><span style="color:rgb(68,68,68);font-family:Arial,Tahoma,Verdana;font-size:13px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(247,247,247);text-decoration-style:initial;text-decoration-color:initial">, showing the number of breaches disclosed in the first three months of the year fell to 686 compared to 1,444 breaches reported in Q1 2017. The number of records compromised in the quarter remained high, with over 1.4 billion records exposed.</span><br></div></div><div dir="ltr"><span style="color:rgb(68,68,68);font-family:Arial,Tahoma,Verdana;font-size:13px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(247,247,247);text-decoration-style:initial;text-decoration-color:initial"><br></span></div><div dir="ltr"><span style="color:rgb(68,68,68);font-family:Arial,Tahoma,Verdana;font-size:13px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(247,247,247);text-decoration-style:initial;text-decoration-color:initial"><p style="margin:0px;padding:0px 0px 10px;color:rgb(68,68,68);font-family:Arial,Tahoma,Verdana;font-size:13px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(247,247,247);text-decoration-style:initial;text-decoration-color:initial"><span style="font-weight:400">“We knew we were seeing less activity than prior quarters but we were still surprised by the final tally” commented Inga Goddijn, Executive Vice President at Risk Based Security. “We were geared up for a wave of activity targeting tax filing data that never fully materialized as expected.” Indeed, in Q1 2017 there were over 200 instances of phishing for employee W2 data. At the end of April 2018, that activity had waned to just over 30 such such reported events.</span></p><p style="margin:0px;padding:0px 0px 10px;color:rgb(68,68,68);font-family:Arial,Tahoma,Verdana;font-size:13px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(247,247,247);text-decoration-style:initial;text-decoration-color:initial"><span style="font-weight:400">Shifting tactics also appears to have played a role in the decrease. Crypo-mining malware and cryptojacking has been a part of the threat landscape since early 2017. However the spike in the value of cryptocurrencies that took place in January fueled a rapid expansion into the theft of computing resources. Goddijn went on to comment, “While there is no direct data linking the rise of crypo-miners to a reduction in data breach activity, there are tantalizing bits of evidence that lead us to believe there is some level of relationship at play here.”</span></p><p style="margin:0px;padding:0px 0px 10px;color:rgb(68,68,68);font-family:Arial,Tahoma,Verdana;font-size:13px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(247,247,247);text-decoration-style:initial;text-decoration-color:initial"><span style="font-weight:400">Beyond the number of breaches reported, many of the trends observed throughout 2017 continued to be evident in the first three months of 2018. For example, the top 5 breach types that dominated recent reports – hacking, skimming, inadvertent disclosure on the Internet, phishing and malware – all remained the top breach types into 2018. Likewise, the vast majority of breaches are still originating from outside the organization, most events are being discovered by external parties, the data types targeted and average number of records compromised showed little variation from 2017. Ms Goddijn added, “Other than the dip in the number of data breaches reported, Q1 2018 was very much in lock step with recent quarters. If there was a truly seismic shift in breach activity we would expect other metrics to show some signs of change as well. Given this, we think the jury is still out on whether the dip is a one-time blip or part of a larger trend.”</span></p><p style="margin:0px;padding:0px 0px 10px;color:rgb(68,68,68);font-family:Arial,Tahoma,Verdana;font-size:13px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(247,247,247);text-decoration-style:initial;text-decoration-color:initial"><span style="font-weight:400">In addition the typical metrics found in the Data Breach QuickView Report, Risk Based Security added two new enhancements this quarter. First we included the metrics on the average number of days between breach discovery and disclosure.</span></p><p style="margin:0px;padding:0px 0px 10px;color:rgb(68,68,68);font-family:Arial,Tahoma,Verdana;font-size:13px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(247,247,247);text-decoration-style:initial;text-decoration-color:initial"><span style="font-weight:400">“We have tracked a variety of dates for many years but haven’t included an analysis of this data in our breach reports. With the GDPR taking effect in May, we wanted to share how well organizations might be able to comply with<span> </span></span><a href="https://gdpr-info.eu/art-33-gdpr/" target="_blank" rel="noopener" style="color:rgb(0,103,162);text-decoration:none"><span style="font-weight:400">Article 33 – the 72 hour notification rule</span></a><span style="font-weight:400"><span> </span>based on our research.” said Ms Goddijn. To that end, the Q1 2018 report includes an analysis of the average number of days between the day the organization first learns of the breach event and the day the event is publicly reported. The findings are encouraging, showing the average number of days between discovery and disclosure has been steadily declining from year to year. However at a current average of 37.9 days, the analysis shows there is still work to be done to meet the obligation to report a breach to the authorities within 72 hours of becoming aware of the event.</span></p><p style="margin:0px;padding:0px 0px 10px;color:rgb(68,68,68);font-family:Arial,Tahoma,Verdana;font-size:13px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(247,247,247);text-decoration-style:initial;text-decoration-color:initial"><span style="font-weight:400">The other new feature of the breach report moving forward is a companion webinar session. Each quarter, Risk Based Security will offer a 30-minute dive into the report findings as well as a discussion of the most interesting and prominent events disclosed in the quarter. The discussion of the Q1 QuickView Report can be found here:</span></p><p style="margin:0px;padding:0px 0px 10px;color:rgb(68,68,68);font-family:Arial,Tahoma,Verdana;font-size:13px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(247,247,247);text-decoration-style:initial;text-decoration-color:initial"><a href="https://www.brighttalk.com/webcast/16541/315539/the-data-breach-landscape-trends-and-highlights-from-q1-2018" target="_blank" rel="noopener" style="color:rgb(0,103,162);text-decoration:none"><span style="font-weight:400">The Data Breach Landscape – Trends and Highlights From Q1 2018</span></a></p><p style="margin:0px;padding:0px 0px 10px;color:rgb(68,68,68);font-family:Arial,Tahoma,Verdana;font-size:13px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(247,247,247);text-decoration-style:initial;text-decoration-color:initial"><span style="font-weight:400">Risk Based Security has been capturing and aggregating data breach events for well over a decade. The resulting wealth of breach data coupled with actionable security ratings for organizations has made Risk Based Security a leader in vendor risk management, cyber insurance and risk modeling. For more information, contact Risk Based Security at 855-RBS- RISK or visit <a href="http://www.riskbasedsecurity.com">www.riskbasedsecurity.com</a>.</span></p><p style="margin:0px;padding:0px 0px 10px;color:rgb(68,68,68);font-family:Arial,Tahoma,Verdana;font-size:13px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(247,247,247);text-decoration-style:initial;text-decoration-color:initial"><b>About the Data Breach QuickView Report</b></p><p style="margin:0px;padding:0px 0px 10px;color:rgb(68,68,68);font-family:Arial,Tahoma,Verdana;font-size:13px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(247,247,247);text-decoration-style:initial;text-decoration-color:initial"><span style="font-weight:400">The Data Breach QuickView report is possible through the research conducted by</span><a href="https://www.riskbasedsecurity.com/" target="_blank" rel="noopener" style="color:rgb(0,103,162);text-decoration:none"><span> </span><span style="font-weight:400">Risk Based Security</span></a><span style="font-weight:400">. It is designed to provide an executive level summary of the key findings from RBS’ analysis of breach activity disclosed in the first three months of 2018. Contact Risk Based Security for any specific analysis of the data breaches of specific interest to your organization.</span></p><p style="margin:0px;padding:0px 0px 10px;color:rgb(68,68,68);font-family:Arial,Tahoma,Verdana;font-size:13px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(247,247,247);text-decoration-style:initial;text-decoration-color:initial"><span style="font-weight:400">You can get your copy of the Q1 2018 Data Breach QuickView Report here:</span></p><p style="margin:0px;padding:0px 0px 10px;color:rgb(68,68,68);font-family:Arial,Tahoma,Verdana;font-size:13px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(247,247,247);text-decoration-style:initial;text-decoration-color:initial"><a href="https://pages.riskbasedsecurity.com/2018-q1-breach-quickview-report" target="_blank" rel="noopener" style="color:rgb(0,103,162);text-decoration:none"><span style="font-weight:400">Get The Q1 2018 Report</span></a></p><p style="margin:0px;padding:0px 0px 10px;color:rgb(68,68,68);font-family:Arial,Tahoma,Verdana;font-size:13px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(247,247,247);text-decoration-style:initial;text-decoration-color:initial"><b>About Risk Based Security</b></p><p style="margin:0px;padding:0px 0px 10px;color:rgb(68,68,68);font-family:Arial,Tahoma,Verdana;font-size:13px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(247,247,247);text-decoration-style:initial;text-decoration-color:initial"><span style="font-weight:400">Risk Based Security (RBS) provides detailed information and analysis on Data Breaches, Vendor Risk Ratings and Vulnerability Intelligence. Our products,</span><a href="https://www.cyberriskanalytics.com/" target="_blank" rel="noopener" style="color:rgb(0,103,162);text-decoration:none"><span> </span><span style="font-weight:400">Cyber Risk Analytics (CRA)</span></a><span style="font-weight:400"><span> </span>and</span><a href="https://vulndb.cyberriskanalytics.com/" target="_blank" rel="noopener" style="color:rgb(0,103,162);text-decoration:none"><span> </span><span style="font-weight:400">VulnDB</span></a><span style="font-weight:400">, provide organizations access to the most comprehensive threat intelligence knowledge bases available, including advanced search capabilities, access to raw data via API, and email alerting to assist organizations in taking the right actions in a timely manner. In addition, our</span><a href="https://www.yourciso.com/" target="_blank" rel="noopener" style="color:rgb(0,103,162);text-decoration:none"><span style="font-weight:400">YourCISO</span></a><span style="font-weight:400"><span> </span>offering provides organizations with on-demand access to high quality security and information risk management resources in one, easy to use web portal.</span></p><br></span></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div>
</div>